IDEAGEN TECHNOLOGY LIMITED

Ideagen Internal Audit - Pentana Audit MK Edition

Used by over 50 local councils and several Internal Audit Offices, Ideagen gives internal audit teams an end-to-end solution that covers all of their needs. This is cloud-based software that pulls your entire audit universe in to one place for full realtime visibility, with highly flexible reporting and personalized dashboards.

Features

• Risk-based audit planning that aligns internal audit to risk priorities
• Audit project management and scheduling to streamline audit processes
• Electronic working papers to capture all audit documentation including incidents
• Centralised management of recommendations and action tracking.
• Personalised dashboards with live charts and heatmaps.
• Flexible reporting to meet the needs of each stakeholder group.
• Time recording and expense recording for budget monitoring.
• Centralised and accessible policy libraries and document libraries.
• On-line questionnaires for audit client information gathering.
• Compliance performance management to suit regulatory or high-level framework .

Benefits

• Monitor the team’s progress across workpapers, projects and workpapers.
• Work to a consistent methodology that’s easy to maintain.
• Spend less time managing systems and chasing follow-up actions.
• Create a culture of accountability, knowledge transfer, and collaboration.
• Provide timely assurance, supported by live and trustworthy data.
• Consolidate data from across departments and services without manual work
• Provide external audits and inspectors with reports quickly and easily.
• Help to promote transparency, value for money and accountability.
• Comply with all legislative requirements, including financial and ESG.
• See issues at-a-glance with personalized dashboards and engaging visuals.

£13,870 an instance

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@ideagen.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

905050036552714

Contact

Sales Support
01629699100
g-cloud@ideagen.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: For Ideagen Hosted Solution, hotfixes get rolled out automatically. It is only major releases that we have an approval process for. If there is a hotfix for the major version they're on, everyone on the hosted platform receives these updates at the same time.; ; Users are notified when upgrades are available. Customers need to roll out a new client during an upgrade. Ideagen Internal Audit (Pentana Audit MK) client application is installed with an .msi installer, so installation may be automated with deployment tools such as SCCM.
• System requirements:
  • Minimum supported OS is Windows 10, Windows Server and Microsoft.
  • SQL Server are not required for the Ideagen Hosted Solution.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Ideagen operate on 4 Priority Levels; ; Urgent – P1; Example: System Outage; We aim to respond within 1 hour; We aim to provide a resolution plan within 4 hours; ; High – P2; Example: Critical Component Failure ; We aim to respond within 2 hours; We aim to provide a resolution plan within 8 hours; ; Normal – P3; Example: Problematic Behaviour; We aim to respond within 8 hours; We aim to provide a resolution plan within 24 hours; ; Low – P4; Example: Non-Critical Failure/Query ; We aim to respond within 12 hours ; We aim to provide a resolution plan within 48 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: We have a dedicated Ideagen Support Team that operates a risk-based triage process in order to prioritise all support requests. This is based on the impact to end users and also the severity of the issue as defined by the customer reporting the issue. This risk assessment will produce a priority level. Software issues (e.g. bugs, defects) are reviewed and verified by Ideagen’s Test and QA Teams. Once reviewed, the issue is given a severity which controls the time of a fix. Support is provided as part of annual maintenance cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: When onboarding a new client, implementation support, configuration, and training services are all provided as standard. To further support, Ideagen provides product user documentation, and e-learning content.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: On-line flash-video training materials.
• End-of-contract data extraction: This would be managed through a data extraction/export service via our Technical Services Division. This would be managed at no additional cost within 30 days after the effective date of termination.
• End-of-contract process: Where Ideagen hosts client data, upon request by the client within 30 days after the effective date of termination or expiration of the agreement. Ideagen will make the relevant client data available to the client for export or download. After that 30 day period Ideagen will have no obligation to maintain client data. ; Additionally, upon termination or expiry of the agreement, the customer is entitled to transfer assistance within the running notice period and until up to 14 days after the termination of the agreement. This service comes at no additional cost to the customer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Ideagen Internal Audit (Pentana Audit MK) uses Fat client and browser. ; ; The system is an application that is a .Net application that uses web-enabled capabilities but is not web-dependent. Thereby enabling auditors to work quite seamlessly offline wherever they happen to be in the world. The system supports seamless offline working for audit work and audit management.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Ideagen Internal Audit (Pentana Audit MK) is a locally installed Microsoft Windows application with a web component. ; ; The Web Content Accessibility Guidelines (WCAG) defines requirements for designers and developers to improve accessibility for people with disabilities. It defines three levels of conformance: Level A, Level AA, and Level AAA. Ideagen Internal Audit (web components) is partially conformant with WCAG 2.2 level AA. Partially conformant means that some parts of the content do not fully conform to the accessibility standard.; ; Although our goal is WCAG 2.2 Level AA conformance, we have also applied some Level AAA Success Criteria: ; • Images of text are only used for decorative purposes. ; • Re-authentication after a session expires does not cause loss of data. ; ; The guidance document for Web Content Accessibility Guidelines to Information and Communications Technologies (WCAG2ICT) (link: https://www.w3.org/TR/wcag2ict/#intro_excluded) is used to inform the design of the current user interface. However, this does not represent success criteria for Ideagen Internal Audit in non-web areas of the software.
• API: Yes
• What users can and can't do using the API: A one-way API out of the system exists to allow information to be extracted for use in mapping to other systems. The customer can use the extracted XML data to integrate with their third-party business intelligence solutions for external reporting.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: We use the term configuration as the ability to configure the existing feature within the system. Ideagen Internal Audit (Pentana Audit MK) is configurable by your team with the relevant permissions. ; ; The system is fully configurable to include the fields required to capture the data relevant to each customer. Supported field types include but are not limited to Rich Text, Plain Text, Date Selection, List Selection, User Selection, Number fields, etc.; ; Reports can be configured and tailored using the many filters and options to support ad-hoc reporting. Furthermore, the system provides the ability for customers to design their own reports in the Template Designer Module.

Scaling

• Independence of resources: Using a virtual scalable infrastructure in the Microsoft Azure cloud, we control and monitor resources to ensure that performance is maintained across the system.

Analytics

• Service usage metrics: Yes
• Metrics types: The ability to track access logs, user activities, admin activities, and access exceptions are all captured within the event log and audit trail as standard functionality within Ideagen Internal Audit (Pentana Audit MK). Concurrent account usage and User login are recorded in the event log. The system also logs all exceptions if they are raised. Those logs can be accessed via the Pentana Audit MK interface with our support help.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: The virtual hard disks (VHD) are encrypted using the industry-standard AES-256 algorithm.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Simple record(s) export options exist within the reporting functionality of the application (export to csv, pdf, xls, etc.) ; ; Moreover, a one-way API out of the system exists to allow information to be extracted for use in mapping to other systems. You can use the extracted XML data to integrate with your third-party business intelligence solutions (such as Tableau, PowerBI) for external reporting.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Docx
  • Rtf
  • Pdf
  • Xlsx
  • XML
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Encryption at rest (AES256)

Availability and resilience

• Guaranteed availability: The SLA provides a 99. 7% uptime guarantee. ; If the Monthly Uptime Percentage falls below 99.7% for any given month, you may be eligible for the following Service Credit:; ; Monthly Uptime Percentage Service Credit; < 99.7% 10%; < 99.5% 20%; ; If Ideagen fails to meet the minimum Monthly Uptime Percentage described above for a Service, you may submit a claim for a Service Credit;; ; Client must submit a claim to customer support at Ideagen that includes: (i) a detailed description of the Incident; (ii) information regarding the duration of the Downtime; (iii) the number and location(s) of affected Users (if applicable); and (iv) descriptions of your attempts to resolve the Incident at the time of occurrence.
• Approach to resilience: Leveraging the highly resilient nature of the Microsoft Azure cloud infrastructure, extensive fault tolerance technologies are used with no single point of failure. Detailed information is available on request.
• Outage reporting: Automated active monitoring system and alerts are in place. If an outage is detected, Ideagen's cloud operations team will be automatically alerted, and clients will be informed via email or telephone depending on the severity.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Ideagen have product specific as well as corporate access control policies that are assessed as part of our ISO accreditations. Ideagen operate on a least privilege basis. Access to servers containing client data is subject to individuals demonstrating an appropriate need via an access request form that only when approved grants access via a token sent to the requesters email address. Only the requester can authenticate for a predefined amount of time. Even Ideagen "privileged" users in our cloud operations team are subject to the access control process described in the above statement.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: United Registrar of Systems
• ISO/IEC 27001 accreditation date: 12/12/2023
• What the ISO/IEC 27001 doesn’t cover: All applied.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self validated by Blue Snap
• PCI DSS accreditation date: 10/04/2024
• What the PCI DSS doesn’t cover: Ideagen use a system called Blue Snap to process all credit card payments.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Ideagen are a security and governance focused organisation with dedicated departments responsible for the oversight and implementation of our governance and risk programmes, data protection, policy reviews, cyber security, and cloud operations. These departments work closely with other functions within Ideagen to ensure that we place security at the centre of all solutions design, change management and staff training. Ideagen’s information security programme has been validated and certified by an independent auditor to confirm alignment with ISO27001 and Ideagen also follow ISO27002 best practice.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are subject to Ideagen's change management policies and procedures that are audited as part of our ISO certifications. Risk is measured and appropriate mitigations defined as part of the change approval process. Each change is properly assessed to ensure that operational risk is reduced, and measures are in place for back-out plans should an issue occur. Any high-risk change must be authorised by a senior manager. Development adheres to a documented SDLC, from Design to Code to Test through to Release. Development and Test strategies consider security aspects in both application and deployment activities.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Ideagen undertake ‘at least’ monthly internally managed vulnerability scans using industry standard tools, in addition to internal vulnerability and penetration tests on the application from a development perspective as per Ideagen's SDLC. Ideagen commission an annual externally managed penetration test, which includes the infrastructure and application. Findings from each assessment are reviewed, risk ranked, and assigned to the responsible team for remediation in accordance with their classification. A penetration test is carried out by an external provider, results can be shared upon receipt of a signed NDA. Policies on penetration testing, vulnerability and patch management are on available request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Ideagen have a managed SIEM that collates events from a large number of sources (E.g. next gen end point EDR, Network OS etc). There are UEBA tools in use that also feed into the SIEM and raise alerts. Alerts are raised with the Cloud Operations Team. There is 24 hour, 365 days a year monitoring in place. Time to respond is based on severity of issue, issues go through a risk-based triage process and are classified as a Priority 1 to Priority 4 based on the impact to end users and also the severity/urgency of the issue.
• Incident management type: Supplier-defined controls
• Incident management approach: Ideagen have in place a Cyber Security Operations Centre consisting of dedicated team members, responsible for managing, investigating and resolving all areas relating to information security, and report to the Global Head of Cyber Security. We also have a Cyber Emergency Response Team made up from domain experts across the Ideagen business, the members of the CERT would change dynamically to respond to different incidents. The CERT is responsible for working alongside the SOC, extending the technical triage, investigation, resolution and communications. Ideagen staff are required and encouraged to report identified information security events and weaknesses.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Ideagen prioritises environmental responsibility, holding ISO14001:2015 accreditation since 2015 in the UK, monitoring energy usage, and complying with ESOS regulations. We report our carbon footprint annually through the Directors' Report in accordance with Streamline Energy and Carbon Reporting (SERC) mandates.; In our software strategy, we emphasize social responsibility by transitioning products to sustainable operations like Amazon and Microsoft Cloud, aligning with their commitment to carbon footprint reduction and Corporate Social Responsibility.; We're actively pursuing our Net Zero Commitment Project, focusing on three main areas: sourcing renewable electricity, reducing travel, and engaging suppliers to lower emissions through stringent criteria and preference for those with carbon reduction targets. Ideagen pledges to reduce absolute scope 1 and 2 GHG emissions by 90% by FY2030 and scope 3 GHG emissions by 51.6% per million GBP value added from an FY2022 base year.; All Ideagen employees currently have remote work options, contributing to reduced carbon footprint. Our community efforts include educating local schools on responsible business and engaging students in environmental initiatives.; Moreover, we're guided by ISO 26000 to enhance socially responsible behavior, recognizing the importance and benefits of such practices in today's evolving landscape.

  Covid-19 recovery

  Early and decisive actions were taken by senior management to focused on protecting team members, supporting our customers and positioning for the future.; As a software development company most of staff were already set up to work from home, and the remaining measures were quickly put in place to also work from home. Daily communication by line managers and between team members was encouraged and support and relevant measures put in place for those not able to work from home.; Social dialogue was maintained through online language, Yoga and Dance classes. Healthcare sessions e.g., Health Heart by British Heart Foundation are offered. Online meet up with other departments encouraged not just for work but through ‘coffee and chat’ sessions and book clubs.

  Equal opportunity

  The company upholds equal opportunities for all, irrespective of age, disability, gender, marital status, pregnancy, race, religion, sex, or sexual orientation, in all aspects including recruitment, pay, and training. A Diversity, Equity, and Inclusion (DE&I) advisor was appointed in 2024, with a new strategy set for launch. A dedicated learning & development function exists within the people team, with a substantial budget allocated for talent development, offering apprenticeships from various levels to degrees for all age groups.; Ideagen collaborates with Nottingham Forest Community Trust for the Think Big Community program, targeting disadvantaged youth, promoting tech industry careers, with provisions for SEND and mainstream learning. Fifty Think Big Ambassadors, including those with disabilities, share career experiences. Partnerships with Autism East Midlands and Nethergate Academy aim to enhance employment prospects for neurodiverse individuals.; As a Cornerstone Employer, Ideagen is part of a national network supporting local skills strategies, emphasizing inclusivity and support for individuals with special needs. The Ideagen Women in Tech program at Nottingham Girls Academy has been ongoing since 2019, contributing to gender diversity in the tech industry.

  Wellbeing

  Ideagen offers a global wellbeing engagement plan of activity available for all employees to access either virtually or in person. This ranges from social clubs and exercise groups to health and wellbeing workshops, covering the four pillars of Financial, emotional, social and physical wellbeing. ; ; Ideagen has a number of trained Mental Health Champions in our larger locations globally to support employees. Ideagen have enhanced their AXA Health policy to include Mental Health and Counselling support. ; There is a wellbeing room available for employee usage at the head office in UK and in the Kuala Lumper office.; Ideagen have a Wellbeing hub on their Intranet that offers education, advice support and resource in line with the Be Well strategy and communication plan.; ; Ideagen offer flexible working and working from home / hybrid working patterns. ; Community is important, and all regions have a charity partner. Employees are encouraged to get involved with fundraising activities, and Ideagen also offer 5 days paid volunteering leave per year for all employees, so they can support the causes that matter in their local communities.; ; Employees are regularly surveyed to find out how they feel about every aspect of their life at Ideagen from office to line manager and career prospects, and engagement is measured using the nationally recognized eNPS system. There is a robust recognition scheme in place to encourage employees to recognize the great work and behaviours their peer's display. This scheme offers monetary and non-monetary forms of recognition.

Pricing

• Price: £13,870 an instance
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@ideagen.com. Tell them what format you need. It will help if you say what assistive technology you use.